Skip to main content
FOSDEM PWA

Running a highly available, ad-blocking, private DNS setup in Kubernetes

K.3.401 | Day 2 | 10:00 - 10:25 | Speakers: Nadia Santalla (she/her)

Running a highly available, ad-blocking, private DNS setup in Kubernetes
A picture of a devroom at FOSDEM 2024
Open in browser
Get involved in the conversation!Join the chat

Notes

Abstract

DNS is the most critical service that runs on small, client-focused networks. Hosting your own DNS unlocks interesting possibilities: Lower latencies, caching, DHCP hostname integration, and ad and malware blocking just to name a few. However, it also comes with great responsibility: For clients, if DNS is down, the internet is down.

In this session we will explore how we can have all those delightful features while maintaining resiliency and zero-downtime upgrades, using Kubernetes as a platform. We will cover well-established, open source projects such as dnsmasq and dnscrypt-proxy, explaining what they are, how they work, and how to compose them.

In the platform side of things, we will use Kubernetes and metallb to provide self-healing, as-code infrastructure and layer 3 failover respectively. Prior experience with Kubernetes is not required to get the most out of this session.

Attachments

Speakers

Nadia Santalla (she/her)

Nadia Santalla is a senior software engineer in Grafana Labs, with a knack for infrastructure. She has been running servers offering services for herself, friends, and small communities for 15 years. Nadia is very passionate about free software projects that solve real problems for people without hard dependencies on someone else's infrastructure. In her free time, Nadia likes to read fantasy and sci-fi and play with woodworking and machine tools in her home shop.

Notice: The placeholder video image is licensed under CC BY-SA 4.0. The original image can be found hereChanges made to the image are: Cropped the image to a new ratio, part of the image was cut off.